OPM fingerprint revelations add tension to China visit

Frightening news that the scope of a federal government data breach thought to have originated in China is worse than Americans realized comes as Chinese President Xi Jinping joins President Barack Obama. The conversation could get tense, as the revelations underline the need for Obama to pressure the Asian power to crack down on cyberattacks against U.S. agencies and businesses.

The extensive theft of personal data maintained by the Office of Personnel Management affected an estimated 21.5 million federal employees or job applicants and could aid the communist nation in attempting to blackmail or bribe Americans into stealing government secrets. On Wednesday, OPM disclosed even more dire news: that hackers stole the fingerprints of an estimated 5.6 million people, far more than the 1 million previously thought and potentially giving Chinese intelligence the ability to spot U.S. agents traveling covertly around the world.

Fingerprints are forever, and can help identify an official or undercover agent no matter what alias or password he or she uses. With that risk in mind, the FBI, Defense Department and intelligence agencies are working to determine and limit ways that the trove of stolen biometric data could be misused, OPM spokesman Samuel Schumach said in a statement.

"Federal experts believe that, as of now, the ability to misuse fingerprint data is limited," Schumach said. "However, this probability could change over time as technology evolves."


China, like Russia, is believed to access online information stolen by criminal groups secondhand, giving it the ability to deny direct responsibility for attacks on foreign government agencies and businesses, says former CIA operative Robert Baer. If they're able to match the stolen fingerprints with government employment records or applications gleaned from the OPM breach, he says, the implications for both national and personal security are huge.

"Once they get into this kind of data, they can get into other data like cellphones and other aspects of people's lives," Baer says. "There is nothing government can do to mitigate the exposure. They may have to get a whole new set of people as covert operatives in China. That's an enormous expense."

Xi this week appeared to deny that his government is responsible for online theft of secrets from businesses and agencies during a speech to American business executives in Seattle. And yet the communist nation's J-31 prototype looks like a close copy of the U.S. Navy's F-35 plane, security analysts have told U.S. News, indicating that China-based hackers have likely stolen the military's plans for the fighter jet. China also has not extradited five members of the People's Liberation Army whom the Justice Department charged last May with allegedly stealing trade secrets and communications from U.S. companies.

During his visit, the Chinese president almost certainly will face more pressure from Obama to address cybercrime following the additional revelations about the theft of federal data, says Shawn Henry, former executive assistant director in charge of the FBI's Criminal, Cyber, Response and Services Branch.

"We are seeing China conduct espionage on a massive scale, gaining unprecedented access to sensitive data, intellectual property and other assets that hold competitive advantages for U.S.-based firms and government agencies," says Henry, who is now president of the cybersecurity firm CrowdStrike. "The reality is that organizations need to prepare for being hacked [and need] to detect intrusions early and prevent the extraction of data."

Obama suggested on Sept. 16 during remarks to business executives in Washington that he is preparing to levy sanctions against China in retaliation for hacking incidents, noting that "industrial espionage" and "stealing trade secrets" are things "that will put significant strains on the bilateral relationship if not resolved."

Any sanctions levied would likely draw on an executive order issued in April that gives U.S. officials the ability to impose punitive measures "on individuals or entities" connected to online theft.

"We are encouraged to see the administration take a more aggressive stance in its dialogue with China," Henry says on behalf of CrowdStrike. "Sanctions penalizing businesses taking advantage of stolen trade secrets can be effective in reducing the scale of state-sponsored espionage."

Assistant Secretary of State Daniel Russel tells U.S. News that Chinese diplomats are committed to addressing problems with the U.S., as behind-the-scenes conversations between the nations have become increasingly blunt on topics like cybersecurity. The administration also may be on the verge of addressing some cybersecurity concerns with an agreement by both sides not to use online weapons to attack critical infrastructure during peacetime, The New York Times reports.

The White House, however, scaled back expectations about such an agreement being imminent during a conference call with reporters on Tuesday.

"That would be ... a long-term goal of working towards establishing those norms," said Dan Kritenbrink, senior director for Asian affairs at the National Security Council. "I think we're a long ways from getting there, but that certainly is the goal."

China may already be developing offensive hacking weapons, evidenced by the display earlier this year of its "Great Cannon," which redirected traffic flowing through China's networks to overload the servers of U.S.-based GitHub in a massive distributed denial-of-service attack.

And despite any efforts by Obama during the state visit, it's "unlikely that China will change its stripes on cybersecurity," predicts Kevin Kearns, president of the U.S. Business & Industry Council, who adds "many other egregious behaviors will likely meet with little or no progress between the two nations."

"The Chinese are hoovering up every bit of information they can," he says. "The existence of an agreement is not going to change that."

To better protect U.S. networks from online espionage, he says agencies must recognize that "government doesn't move fast enough to keep up with cybersecurity," and that businesses need to take the problem more seriously. Indeed, Defense Secretary Ash Carter has said the Pentagon needs more help from Silicon Valley to bolster its capabilities in the cyber realm.

"We have to ramp up our security; it has to be unilateral, we can't be lax about it," Kearns says.